SPONSORED SUPPLEMENT: Securing the e-Payments Process

One way to achieve that education is by constant forceful reminders. Forrester’s research found that donations that many retailers accepted after Sept. 11, 2001, went a long way toward recruiting new online shoppers, and Kelley believes that was due in part to the sites’ constantly reinforcing that the transaction was safe. Forrester reports that 82% of consumers who had never bought online but went online to make a donation became online buyers as a result of their experience. “Those sites displayed links throughout that said things like ‘Why your payment is secure,’” Kelley says. “It’s that sort of thing right in the purchase process that people need. Unfortunately, those messages are missing from most sites.”

Such messages are the first step in an education process that many others believe is crucial to the continued success of online retailing. “The real problem with credit card fraud on the Internet is not from the losses resulting from the fraud itself - it’s the potential sales that e-retailers lose because they’ve allowed the perception to fester that consumers are risking fraud on the Internet,” says AmeriNet’s Kerlin. “I don’t know of any effort to remind customers that they don’t have any risk when they use their cards for payment on the Internet.”

Fewer eyes looking

The truth is that most Internet transactions are more secure than store transactions, simply because fewer eyes see an online transaction than see a store transaction. “If you give someone a check in the store, not only does the clerk see it but the bookkeeper might see it, the processors at all the banks along the way will see it, and it’s carrying all kinds of identity information like Social Security number, driver’s license number, bank account number, bank number,” says Jerry Mossbacher, senior vice president of TeleCheck, a division of First Data Corp., which sells e-check services. “A check transaction online is much safer and more secure.”

Overcoming consumers’ misperceptions is difficult, though, partly because the issue does not always yield to rational arguments. “There is an emotional factor here,” Renzulli says. “Even though you know the card will be replaced and you have no financial risk whatever if your card account is stolen, people still feel violated. They feel something has been taken from them.”

The other side of the fraud question rests with retailers. While consumers may perceive fraud as greater than it is, merchants are indeed experiencing fraud, and paying for it. Whether the case is outright fraud or friendly fraud, issuing banks almost always charge a disputed credit card transaction back to the merchant, who then must prove that the cardholder actually bought and received the merchandise. For web-based transactions, that’s usually not an easy task. In store-based retailing, the merchant can retrieve the receipt with the customer’s signature, and as long as the signature is valid, the customer is held responsible. But no such record exists for online transactions, and so merchants and payments processors have focused on catching fraud before it happens.

Those efforts at preventing fraud take a number of forms, both proprietary to individual processors and common to the market, such as Verified by Visa or MasterCard’s SecureCode. The proprietary solutions range from authorizing transactions against massive databases of customer behavior and payment history, to scoring transactions by merchant, customer, time of day and other criteria, to systems that capture the card verification values on signature panels on the backs of cards.

The proprietary solutions generally favor a passive approach to authorization: neither merchant nor consumer need do anything out of the ordinary to effect payment. “Merchants want to reduce friction as much as possible during checkout,” says Mossbacher of TeleCheck. “Consumers prefer their online shopping experience to mirror what they do face-to-face in a store.”

TeleCheck, which started life as a check authorization service for store retailers, relies in part on its database of 547 million records to combat fraud. It has built that database over 40 years from 306,000 subscriber locations. When a customer checks out at a TeleCheck merchant site, TeleCheck grabs whatever consumer data it can from the checkout process, such as customer name, address, ship-to address, and uses that to create an authorization request. It runs the data against such elements in its database as known fraudulent accounts, names of banks that criminals use to set up bogus accounts, check-writing histories as well as such less exotic data as name, address and account number. “We treat it just as we would an authorization request from the point of sale,” Mossbacher says.

TeleCheck also offers consumers an option to register with a password so that when they shop at TeleCheck merchant sites again they will feel secure about how their data is being used. But retailers’ focus on making their sites, especially checkout, easy to use has doomed similar previous offerings, some of which asked customers to answer certain questions in order for the processor to authorize a transaction. Some consumers didn’t know the answers to questions that the processor generated from its own database (what is the name of your mortgage company? how much is your monthly payment? etc.). Others balked at having to complete another step to check out.

The consumer library

And merchants often didn’t like the process. “There’s been a movement away from that kind of security,” says Jan Whitfield, vice president of consumer not present payment solutions at Alpharetta, Ga.-based Certegy, which started as Telecredit Inc. in 1961, was acquired by Equifax Inc. in 1990 and spun off from Equifax in July 2001. It serves 329,000 retail customers and provides e-check services to such major online and direct-to-consumer retailers as Sears Parts Direct, Gateway Inc. and Dell Computer Corp. Certegy previously offered a service called PayNet that required consumers to register, then authorized transactions by asking them a series of qualifying questions. “Merchants weren’t sure how customers would react to the questioning,” Whitfield says. “Certain merchants have always been reluctant to ask for sensitive information.”

Certegy now authorizes transactions against what it calls a Consumer Library, a series of databases that contain such information as personal identifiers, shopping patterns, driver’s licenses and account information associated with particular names and other information. Certegy runs transactions against the various databases depending on merchants’ needs. The merchant weighs the benefits of each additional level of detail against the cost of obtaining the higher authorization and the merchant’s own risk of fraud.